Undecided between Panorays and an alternative? We’ve made it easy.
“Panorays enables us to assess and make decisions related to third-party vendors in an optimal fashion.”
Attack Surface
Includes fourth-party discovery, deep protocol inspection, human factor and business context. Deep inspection of cloud service providers (AWS, Azure) regions and availability zones. Fastest new vendor assessment in the industry (<2 hours). 99.8% findings accuracy.
Offers external attack surface assessment, but does not include deep cloud inspection or consideration of the human factor.
Impact: Incomplete view of third-party risk
Offers external attack surface assessment, but does not include deep cloud inspection or consideration of the human factor.
Impact: Incomplete view of third-party risk
Does not offer external attack surface assessment. Offers integration with SRS tools for extra fee.
Offers comprehensive external attack surface assessment.
Process Automation
Automates the entire TPSRM process from attack surface analysis to questionnaire assessments accounting for both inherent risk and residual risk, remediation and ongoing monitoring.
Separate offerings for Vendor Risk Management (VRM), VRM managed services and attack surface assessment. To enjoy full capabilities, customers need to purchase all three. Does not aggregate findings into bottom line cyber risk rating. Additionally, dispute resolution process is not mature.
Impact: Increased cost, incomplete view of third-party risk
Separate offerings for security ratings and security questionnaires. Does not aggregate findings into bottom line cyber risk rating. Security ratings do not consider questionnaires in their assessment. Takes around one week to process supplier disputes. Does not consider business context when evaluating suppliers.
Impact: Increased cost, incomplete view of third-party risk
TPSRM is a second priority for which OneTrust offers limited capabilities. Does not offer external attack surface assessment or continuous monitoring. Strong evidence collection with questionnaires.
Impact: Incomplete view of third-party risk
Strong attack surface assessment, but questionnaire capabilities are nascent. Does not consider inherent risk of the business relationship with a supplier. Disputes take approximately 30 days to rectify.
Impact: Increased cost, incomplete view of third-party risk
Questionnaires
Integration of both templated (ex. SIG, CAIQ) and customizable questionnaires included in the platform. Panorays’ questionnaires are based on advanced logic, include an analysis layer and are mapped against our external attack surface assessment to ensure authenticity of answers.
Offers smart questionnaire capabilities.
Offers questionnaires in separate product (Atlas).
Impact: Increased cost
Offers smart questionnaire capabilities.
Questionnaire capability is new and not yet fully developed, offered as a separate product.
Impact: Increased cost
Depth of Features
Panorays stands out with its complete questionnaire capabilities, attack surface assessment accuracy, rich contextualization of vendor relationships and corresponding workflows. Panorays’ basic offering includes protocols drill-down, a complete list of vendor technologies and CVE’s, questionnaire creation and simple-to use fourth-party discovery. Panorays is designed to save you time and improve your relationship with your vendors.
Features depend on which modules are purchased. Tiers and bundles may require purchase of non-priority items to get required functionality such as fourth-party security.
Impact: Increased cost
Does not consider inherent risk of the business relationship with vendors, or provide an aggregated risk score.
Impact: Increased cost, incomplete view of third-party risk
Vendor Risk Management is one of many OneTrust offerings that are available for separate purchases. Strong options in adjacent areas, such as Governance, Risk and Compliance.
Impact: Increased cost, incomplete view of third-party risk
Does not have deep inspection for public cloud providers.
Impact: Increased cost, incomplete view of third-party risk
Ease of Use
Streamlined, use case specific workflows are clear, simple to implement and cover all your third-party security risk management needs. Bottom-line risk rating and automated remediation plans save you time and let you focus on significant risk factor mitigation.
Provides a high-level summation of risk with the ability to drill down into precise technical details.
Impact: Increased operational costs
Provides a simple, intuitive interface for quick grade reports and charts.
Impact: Increased operational costs
Provides very intuitive user interface and an easy-to-use platform.
Provides detailed views of identified vendor risks enabling in-depth reporting.
Collaboration
Customers communicate directly with vendors in the app, streamlining remediation and dispute resolution, improving vendor relationships and enabling faster onboarding of approved vendors. Remediation plans are derived from both attack surface assessment and questionnaire responses.
Allows customers to communicate directly with vendors in the app, streamlining remediation.
Allows customers to communicate directly with vendors in the app. Remediation plans derived exclusively from attack surface assessment, not questionnaires.
Does not facilitate in-app communication between evaluator and vendor.
Impact: Increased operational costs
Allows customers to communicate directly with vendors in the app, streamlining remediation.
Value
Includes advanced features in basic offerings, such as dark web mentions, fourth-party discovery and all available data about the supplier. Panorays also offers a free account to suppliers or anyone that wants to get started with Third-Party Security Risk Management.
UpGuard’s business starter package starts at $18,999/year. Introductory offerings do not include critical features such as custom questionnaires, fourth-party discovery or dark web mentions. Customers need to purchase multiple modules to enjoy a complete TPSRM program.
Impact: High costs for complete solution
SSC offers a limited free starter plan, and Business pricing starts at $12,000/year for basic Security Rating functionality. Adding Atlas questionnaire abilities increases the cost significantly.
Impact: High costs for complete solution
Pricing is transparent for businesses under 1000 employees, where Questionnaire-driven Third-Party Risk Management starts at $7,200/year. Does not include Attack Surface Assessment. Pricing is not transparent for enterprise. Offers free security rating.
Impact: High costs for complete solution
Public pricing not available. Reported business pricing starts at $20,000 per year, plus an additional upcharge of $2,000-$2,500 per year for each vendor.
Impact: High costs for complete solution
Integrations
Offers comprehensive API, as well as out-of-the-box integrations with GRC platforms (ex. ServiceNow), data exchanges (ex. Snowflake), compliance platforms (anecdotes), asset management platforms and more.
UpGuard offers a standard API to pull data into other enterprise applications. UpGuard relies on Zapier as their primary integration platform.
Offers integrations with several third-party platforms such as RSA Archer, ServiceNow, and more. Weak integration quality between GRC and TPRM platforms.
Integrations are primarily focused on facilitating connections within the OneTrust solution portfolio.
Offers integrations with RSA Archer GRC, CyberGRX, OneTrust, ProcessUnity, MetricStream, and more. BitSight offers customers the ability to extend security ratings through a Developer API.
Customer Support
Recently nominated in SE Magazine for outstanding customer service, Panorays CS is consistently rated outstanding on review sites such as Gartner Peer Insights. Comprised of cybersecurity experts with vast experience supporting building TPSRM programs, our team is dedicated to automating your TPSRM and making it easily manageable. Panorays also has a designated security team, dedicated to finding third-party vulnerabilities before they happen.
UpGuard encourages its customers to purchase managed services; customer success has little emphasis.
Impact: High operational costs
Online resources do not emphasize superior customer service.
Impact: High operational costs
Online resources do not emphasize superior customer service.
Impact: High operational costs
Online resources do not emphasize superior customer service.
Impact: High operational costs
Gartner Peer Insights
Capterra
N/A
N/A